Lucene search
HistoryJan 18, 2023 - 6:15 a.m.
CVE-2022-32490
dell bios
input validation
local user
arbitrary code execution
smram
smi
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Affected configurations
Node
delledge_gateway_3000_firmwareRange<1.9.0
delledge_gateway_3000Match-
Node
delledge_gateway_5000_firmwareRange<1.19.0
delledge_gateway_5000Match-
Node
dellembedded_box_pc_3000_firmwareRange<1.15.0
dellembedded_box_pc_3000Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dell | edge_gateway_3000_firmware | * | cpe:2.3:o:dell:edge_gateway_3000_firmware:*:*:*:*:*:*:*:* |
| dell | edge_gateway_3000 | - | cpe:2.3:h:dell:edge_gateway_3000:-:*:*:*:*:*:*:* |
| dell | edge_gateway_5000_firmware | * | cpe:2.3:o:dell:edge_gateway_5000_firmware:*:*:*:*:*:*:*:* |
| dell | edge_gateway_5000 | - | cpe:2.3:h:dell:edge_gateway_5000:-:*:*:*:*:*:*:* |
| dell | embedded_box_pc_3000_firmware | * | cpe:2.3:o:dell:embedded_box_pc_3000_firmware:*:*:*:*:*:*:*:* |
| dell | embedded_box_pc_3000 | - | cpe:2.3:h:dell:embedded_box_pc_3000:-:*:*:*:*:*:*:* |
References
Related
cvelist
cvelist
CVE-2022-32490
2023-01-18 05:59:52
nessus
nessus
Dell Client BIOS Improper Input Validation (DSA-2022-249)
2022-11-10 00:00:00
cve
cve
CVE-2022-32490
2023-01-18 06:15:11
prion
prion
Input validation
2023-01-18 06:15:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2022-32490